Agent gateways are emerging as the control plane for enterprise AI
A new product category is crystallizing to solve why 40% of agentic AI projects fail: the missing control layer — infrastructure between AI agents and the systems they touch.
A new product category is crystallizing to solve why 40% of agentic AI projects fail: the missing control layer — infrastructure between AI agents and the systems they touch.
In June 2025, Gartner predicted more than 40% of agentic AI projects would be scrapped by 2027, not because the models reason poorly but because they cannot be wired reliably into enterprise systems. The pattern is now producing a discrete product category: the agent gateway, a piece of software that sits between an AI agent and the APIs, databases, identity systems, and tools it needs to do its job. In the span of a few weeks in mid-2026, Palo Alto Networks closed its acquisition of Portkey, Nutanix launched an agent gateway product, and the Linux Foundation's AAIF accepted AgentGateway as an open-source project. The market is independently converging on the same architectural slot.
The category is doing three jobs at once. First, it brokers traffic: an agent gateway decides which model to call, when to retry, and how to fan a request across multiple systems. Second, it governs that traffic. Gartner's scrappage forecast has a concrete parallel in security research. CyCognito reported discovering hundreds of externally reachable MCP services exposed on the public internet, MCP being the Model Context Protocol that lets agents call tools. A gateway is where authentication, rate limits, prompt-injection filters, and audit logs get bolted on. Third, it observes the traffic. Logs from the gateway are the only place an enterprise can see what the agent actually did, because the agent itself is non-deterministic and the model vendor has no visibility into the customer environment.
Each of the three jobs has been a discrete product before. Service meshes brokered service-to-service calls. API gateways enforced rate limits and auth. SIEM tools aggregated logs. Agent traffic differs from service-to-service traffic in one key respect: it is a model issuing natural-language instructions that get translated into tool calls, sometimes in parallel, with retries the model itself decides on. Existing infrastructure expects deterministic clients. Agents are not deterministic clients. The gateway is the patch.
Vendors are reading the same architectural gap. Portkey, before Palo Alto bought it, was already selling AI gateway infrastructure to enterprise developers; the acquisition folds that into a security vendor whose customers are worried about agent sprawl. Nutanix is pitching its gateway as part of an enterprise AI stack, alongside the hyperconverged infrastructure it already sells to on-prem customers. AgentGateway, now under AAIF, is the open-source counterweight. Open implementations like mcp-use treat the gateway as plumbing the industry should agree on rather than a feature each vendor should differentiate.
The interesting question is whether the gateway becomes a feature, a product, or a standard. Janakiram MSV's synthesis in Forbes argues the layer is following the same trajectory as API gateways a decade ago: vendors built them, customers bought them, and eventually the open-source implementations set the de facto interface. The risk is that the gateway ossifies around whichever security vendor wins the enterprise procurement cycle, locking in a particular shape for how agents see the rest of the stack before the engineering community has agreed on primitives.
Watch CyCognito's running count of exposed MCP services, the next round of AAIF contributor sign-ons, and whether hyperscalers ship their own gateway as a managed service rather than letting the open-source project define the default.